Computing services in computing service environments are often targets for malicious attacks conducted over a computing network. These malicious attacks can potentially cause a targeted computing service system to slow to a point that physical hosts included in the computing service system are unable to respond to legitimate network requests. For example, a DDoS (Distributed Denial of Service) attack may be a type of malicious attack that distributes a DoS (Denial of Service) program among several computing devices that in turn may flood a computing service system with network packets (e.g., SYN (synchronization) packets). The flood of network packets may cause network performance to slow resulting in system paralysis for the computing service system.
In the event of a malicious attack, computing service providers may have a difficult time distinguishing non-malicious network traffic from malicious network traffic. For example, a DDoS attack may involve multiple computing devices sending requests to perform some type of network action to a target computing service. The IP (Internet Protocol) address for the computing devices sending the requests may be changed in an attempt to make the request appear to originate from a legitimate or known client device, thereby making identification of the attacking computing devices problematic.